Cross site scripting in francoisjacquet/rosariosis

Valid

Reported on May 5th 2022


Description

  1. Log in as teacher
  2. Create a new assignment at https://www.rosariosis.org/demonstration/Modules.php?modname=Grades/Assignments.php&assignment_type_id=3&assignment_id=new
  3. Add this payload in description: <iframe src=https://brutelogic.com.br/poc.svg><iframe>
  4. Save this assignment
  5. You will see a prompt

Impact

Cross site scripting
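
A defensive counterpart to the report above, added here as an example and not taken from RosarioSIS or its fix: an allowlist sanitizer for a rich-text description field that rebuilds its output from permitted tags only, so the reported iframe payload is discarded before storage. It is written in Python for illustration; the tag policy and every name in it are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for an assignment description (not taken from RosarioSIS).
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
VOID_TAGS = {"br"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:")
# Elements whose whole subtree is discarded, not just the tag itself.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "svg"}
# The payload string exactly as given in the report, used as sample input.
REPORTED_PAYLOAD = "<iframe src=https://brutelogic.com.br/poc.svg><iframe>"


class DescriptionSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # output is built only from what we emit here
        self.skip_depth = 0  # > 0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif not self.skip_depth and tag in ALLOWED_TAGS:
            # Keep only allowlisted attributes whose URL scheme is safe.
            kept = "".join(
                f' {name}="{escape(value.strip(), quote=True)}"'
                for name, value in attrs
                if name in ALLOWED_ATTRS.get(tag, ()) and value
                and value.strip().lower().startswith(SAFE_URL_PREFIXES)
            )
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # text is re-escaped


def sanitize_description(html_text: str) -> str:
    parser = DescriptionSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)
```

An unclosed dropped element, as in the reported payload, leaves the skip counter raised, so everything after it is discarded rather than rendered.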

We are processing your report and will contact the francoisjacquet/rosariosis team within 24 hours. (22 days ago)
We have contacted a member of the francoisjacquet/rosariosis team and are waiting to hear back (21 days ago)
François Jacquet validated this vulnerability (21 days ago)
Distorted_Hacker has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
François Jacquet confirmed that a fix has been merged on 069e30 (21 days ago)
François Jacquet has been awarded the fix bounty